From: Peter Maydell <peter.maydell@linaro.org>
To: Blue Swirl <blauwirbel@gmail.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] bitops: fix types
Date: Sun, 8 Jul 2012 23:41:45 +0100 [thread overview]
Message-ID: <CAFEAcA9ZvW4zGKKfhFhMa2UEkDtOd8qyEDtJ_Fw+OBmdr04OkQ@mail.gmail.com> (raw)
In-Reply-To: <CAFEAcA8bGZ+fL0Sh8PJJiRq6eXDvJnpb4B1N6FYOmC64qAN1=A@mail.gmail.com>
On 8 July 2012 20:51, Peter Maydell <peter.maydell@linaro.org> wrote:
> On 8 July 2012 20:39, Blue Swirl <blauwirbel@gmail.com> wrote:
>> On Sun, Jul 8, 2012 at 7:32 PM, Peter Maydell <peter.maydell@linaro.org> wrote:
>>> On 8 July 2012 20:12, Blue Swirl <blauwirbel@gmail.com> wrote:
>>>> Nice. Why is it written like that, I'd use
>>>> start + length <= 64?
>>>
>>> That would fail to handle the case of start == length == INT_MAX.
>>
>> 64 - INT_MAX = 0x80000040 (maybe off by one), which should still
>> trigger assert(INT_MAX <= 0x80000040).
>
> Nope, because "64 - start" here is signed arithmetic, so 64 - INT_MAX
> underflows and gives you a negative number, and INT_MAX is not <= -ve.
> (We went through this in reviews for the initial patch.)
Sorry, my reply is confused, because your email had a structure
implying that you are asserting that 'start + length <= 64' is a
working check, but the calculation you do is for 'length <= 64 - start',
and I ended up writing garbage as a result of my failure to parse it.
For clarity (all assuming signed int parameters as the code currently
uses, since this was a question about the current code):
* "start + length <= 64" doesn't work because signed arithmetic means
the case of start = length = INT_MAX overflows and the condition
incorrectly doesn't trigger.
* "length <= 64 - start" does work, because there is no underflow
or overflow, and the condition correctly triggers.
assert(INT_MAX <= 0x80000040)
* although "assert(INT_MAX <= 0x80000041)" will trigger if written
out literally, "assert(INT_MAX <= (64 - INT_MAX))" will not, even
though 64 - INT_MAX is 0x80000041. (the literal hex constant will
be an unsigned value, so we end up doing an unsigned comparison,
whereas 64 - INT_MAX is signed and we do a signed comparison).
Isn't C great?
-- PMM
next prev parent reply other threads:[~2012-07-08 22:41 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-08 12:12 [Qemu-devel] [PATCH] bitops: fix types blauwirbel
2012-07-08 14:04 ` Peter Maydell
2012-07-08 18:32 ` Blue Swirl
2012-07-08 18:54 ` Peter Maydell
2012-07-08 19:12 ` Blue Swirl
2012-07-08 19:32 ` Peter Maydell
2012-07-08 19:39 ` Blue Swirl
2012-07-08 19:51 ` Peter Maydell
2012-07-08 22:41 ` Peter Maydell [this message]
2012-07-09 7:38 ` Markus Armbruster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFEAcA9ZvW4zGKKfhFhMa2UEkDtOd8qyEDtJ_Fw+OBmdr04OkQ@mail.gmail.com \
--to=peter.maydell@linaro.org \
--cc=blauwirbel@gmail.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).